#### Preconfiguration file ## ## The following preseeding might be used to install a basic system ## completely automatically. ## ## A user 'ansible' is set up and ssh login with public key ## authentication is configured. The idea is to allow further ## customization of the system after installation using ansible. ## ## Modify at least the public ssh key in 'authorized_keys' (see ## below). ## ## For more examples and comments consult: ## https://www.debian.org/releases/stable/example-preseed.txt ## ## To change default values: #d-i foo/bar seen false #d-i foo/bar string value ## Useful boot parameters: ## DEBCONF_DEBUG=5 ## locale?=de_DE ## To set the hostname manually during installation, use priority=high ## as boot parameter and uncomment this line: #d-i debconf/priority string critical ## Preseeding only locale sets language, country and locale: d-i debian-installer/locale string en_US.UTF-8 d-i keyboard-configuration/xkb-keymap select us #d-i debian-installer/language string en_US:en #d-i debian-installer/country string DE ## netcfg will choose an interface that has link if possible. This makes it ## skip displaying a list if there is more than one interface: #d-i netcfg/choose_interface select auto ## Use hostname assigned by DHCP: d-i netcfg/get_hostname string unassigned-hostname d-i netcfg/get_domain string unassigned-domain ## Skip root account: d-i passwd/root-login boolean false ## If non-free firmware is needed for the network or other hardware, you can ## configure the installer to always try to load it, without prompting. Or ## change to false to disable asking. d-i hw-detect/load_firmware boolean true ### Apt setup d-i apt-setup/non-free-firmware boolean true d-i apt-setup/non-free boolean true d-i apt-setup/contrib boolean true d-i mirror/country string manual d-i mirror/http/hostname string deb.debian.org d-i mirror/http/directory string /debian d-i mirror/http/proxy string ### Backports: #apt-setup-udeb apt-setup/services-select multiselect security, updates, backports ### Ansible User d-i passwd/user-fullname string Ansible User d-i passwd/username string ansible d-i passwd/user-password password insecure d-i passwd/user-password-again password insecure #d-i passwd/user-password-crypted password [crypt(3) hash] ### Do not ask about support for non-efi systems: d-i partman-efi/non_efi_system boolean true ### Leave this empty to use the only available hard drive: d-i partman-auto/disk string #d-i partman-auto/disk string /dev/sda #d-i partman-auto/disk string /dev/vda ### Regular partitions: d-i partman-auto/method string regular d-i partman-auto/choose_recipe select atomic ## This makes partman automatically partition without confirmation: d-i partman-partitioning/confirm_write_new_label boolean true d-i partman/choose_partition select finish d-i partman/confirm boolean true d-i partman/confirm_nooverwrite boolean true # ### Enable to set up LVM: # d-i partman-auto/method string lvm # ## Use only 50% of the available physical volume size and then # ## adjust the logical volume sizes later with ansible, if needed: # d-i partman-auto-lvm/guided_size PERCENT 50% # # If one of the disks that are going to be automatically partitioned # # contains an old LVM configuration, the user will normally receive a # # warning. This can be preseeded away... # d-i partman-lvm/device_remove_lvm boolean true # # The same applies to pre-existing software RAID array: # d-i partman-md/device_remove_md boolean true # # And the same goes for the confirmation to write the lvm partitions. # d-i partman-lvm/confirm boolean true # d-i partman-lvm/confirm_nooverwrite boolean true # # You can choose one of the three predefined partitioning recipes: # # - atomic: all files in one partition # # - home: separate /home partition # # - multi: separate /home, /var, and /tmp partitions # d-i partman-auto/choose_recipe select multi ### Package selection #tasksel tasksel/first multiselect standard, ssh-server, gnome-desktop tasksel tasksel/first multiselect standard, ssh-server ### Individual additional packages to install d-i pkgsel/include string firmware-linux ansible git #d-i pkgsel/include string firmware-linux ansible/bookworm-backports git #d-i pkgsel/include string firmware-linux ### GRUB on default disk: d-i grub-installer/bootdev string default ### This command is run just before the install finishes: d-i preseed/late_command string \ mkdir -p /target/home/ansible/.ssh && \ echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6tlRPOPBdxAJKLCNH+7S3fHhxzu64HViJQDFZbbI+Mbd+wwx6fe7ba1XZ8TXcFGmipHBYiOVaGMXIeJvGsEK3P1ULXNcNygrXl6HzjKDyL+iX3e7plsOQRHFoNfaGSjFtY5cRFeE4pGG7c1Q6EZqzxt1VZX94zhQBGNi8YxSGz4vp+MRH/OaJBvxPKQuBt0jQR/S1v5B8inDk+qty7/0wqnAQLbwvRchJqd7WpOGpk+8bgw+N4r5wA5kwM+QA52VNai5dVgrTzmJXKPRPpQrlvBzp38NW54S6Z894iR+5Hs9TWUWltPZZBYrQhiKWA8bvBieSLEP3yttchxZhh1yh ansible@installbox" >> /target/home/ansible/.ssh/authorized_keys ; \ in-target chown -R ansible:ansible /home/ansible/.ssh/ ; \ in-target chmod -R og= /home/ansible/.ssh/ ; \ if [ -n "$playbook" ] ; then \ mkdir -v /target/dev/shm ; \ in-target mount -v -t tmpfs tmpfs /dev/shm ; \ in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" \ -i localhost, --url=https://salsa.debian.org/andi/debian-lan-ansible.git $playbook ; \ fi # -i localhost, --url=git://installbox/.git $playbook # ## A vault secret can be provided as boot parameter too: # # if [ -n "$playbook" ] ; then \ # mkdir -v /target/dev/shm ; \ # in-target mount -v -t tmpfs tmpfs /dev/shm ; \ # echo "$vaultpw" > /target/dev/shm/vaultpw ; \ # in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" \ # --vault-password-file /dev/shm/vaultpw \ # -i localhost, --url=https://salsa.debian.org/andi/debian-lan-ansible.git $playbook ; \ # fi # ## Replace key with: sed -i "s#echo \".\+\"#echo \"$(cat ~/.ssh/id_rsa.pub)\"#" preseed.cfg # ## When installing in combination with ansible-pull, ## export your ansible playbook like: ## ## git daemon --verbose --export-all \ ## --base-path=/dir/of/playbook -- /dir/of/playbook ## ## Conditions may be applied in the playbook like: ## when: run_in_installer|default(false)|bool ## when: not run_in_installer|default(false)|bool ### Avoid that last message about the install being complete. d-i finish-install/reboot_in_progress note